The FTC will hold a big data workshop Sept. 15 to examine how data collection practices affect low-income and underserved consumers, it said in a Friday news release (http://1.usa.gov/1gi8J9M). “A growing number of companies are increasingly using big data analytics techniques to categorize consumers and make predictions about their behavior,” said Chairwoman Edith Ramirez. The workshop will examine “the potentially positive and negative effects” of these techniques, she said. For instance, financial institutions and retailers have used predictive analytics to offer different prices to different customers or to tailor advertising for financial products, the FTC said. “Such uses of big data are expected to create efficiencies, lower costs, and improve the ability of certain populations to find and access credit and other services,” the FTC said. “At the same time, these practices may have an unfair impact on other populations, limiting their access to higher quality products, services, or content.” In recent months, the FTC has explored similar data collection privacy issues, including two-hour seminars on mobile device tracking and alternative scoring products In May, the FTC will also hold a third seminar on healthcare data (http://1.usa.gov/1jY27hV). The FTC will accept comments ahead of its big data workshop until Aug. 15, with a post-workshop comment period until Oct. 15(http://1.usa.gov/1qo0KuX).
"Catastrophic” is how technology experts are describing the recently discovered security glitch in Secure Sockets Layer (SSL). Finnish security firm Codenomicon discovered the flaw, called the Heartbleed bug (http://heartbleed.com/), which affects OpenSSL, a cryptographic software library used to secure websites using HTTPS encryption to protect data. The company said the bug allows hackers to access websites’ code, data and passwords, as well as “eavesdrop on communications.” Internet security technologist Bruce Schneier -- a board member of the Electronic Frontier Foundation (EFF) and advisory board member of the Electronic Privacy Information Center (EPIC) -- called the bug “catastrophic,” in a Wednesday blog post (http://bit.ly/1ea7ECa0). “On the scale of 1 to 10, this is an 11,” he said, saying 500,000 sites were vulnerable to the flaw. “The probability is close to one that every target has had its private keys extracted by multiple intelligence agencies,” Schneier said. “The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident.” Karl Volkman, chief technology officer of network service provider SRV Network, said “the threat that this flaw poses is tremendous,” but suggested that changing one’s passwords before major websites fix the flaw “will allow hackers to still have access to personal information.” Johns Hopkins University computer science professor and cryptographer Matthew Green said Heartbleed is “the result of a relatively mundane coding error,” in a Tuesday blog post (http://bit.ly/1oN7UvE). “And predictably, this makes it more devastating than all of those fancy attacks put together.” The FTC recently settled two complaints on mobile apps with allegedly inadequate data security, highlighting both apps’ disabled SSL certificate (CD March 31 p8).
Properly designed sharing of cyberthreat information is “not likely to raise antitrust concerns,” said the FTC and Department of Justice Thursday in a policy statement. The policy statement does not change the two agencies’ existing analysis, which stems from an October 2000 review (http://1.usa.gov/1n8Zeef). “This statement should help private businesses by making it clear that antitrust laws do not stand in the way of legitimate sharing of cybersecurity threat information,” said FTC Chairwoman Edith Ramirez in a news release. The statement should also encourage the private sector to increase cybersecurity information sharing, said Assistant Attorney General Bill Baer, head of the Antitrust Division. “Cyber threats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems and help secure our nation’s infrastructure,” he said during a news conference, according to a prepared version of the speech (http://1.usa.gov/1hEklQr). Cybersecurity information sharing is different from actions that may raise antitrust concerns at FTC and Justice, such as sharing business plans or future price information, the agencies said. The agencies typically examine information sharing agreements through the lens of the agreement’s overall effect on competition. Cyberthreat information sharing can improve efficiency and secure networks both inside and outside critical infrastructure, the agencies said. Since cyberthreat information is typically very technical and covers a “limited category of information,” it’s unlikely to increase participants’ ability or incentive to raise prices or otherwise harm competition, the agencies said. The cybersecurity executive order President Barack Obama signed last year was meant in part to facilitate increased information sharing between companies within critical infrastructure sectors and between the private sector and the government (CD Feb 14/13 p1). The White House “will continue to work with our partners in industry to encourage the development of a network of information sharing partnerships and to identify actions we can take to further reduce barriers to information sharing,” said White House Cybersecurity Coordinator Michael Daniel in a blog post (http://1.usa.gov/1jwKTaL). Congress “must also do its part and enact meaningful solutions to enhance cybersecurity,” Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., said in a statement Thursday. “Developing a comprehensive national cybersecurity strategy is one of the most serious and unmet needs confronting the nation today. Federal data privacy legislation to establish a single, national standard for data breach notification is an important component of cybersecurity legislation and is long overdue.” The House passed the Cyber Intelligence Sharing and Protection Act (HR-624) last year, but efforts to produce a similar bill in the Senate Intelligence Committee appear unlikely to succeed during the remainder of the 113th Congress (CD Jan 6 p2).
There were 40 million new broadband subscribers in 2013, which shows a steady growth in broadband adoption, a Broadband Forum study said. The global total has reached more than 678 million subscribers, the study released Wednesday said (http://bit.ly/1n4MIN0). IPTV is nearing the 100 million subs threshold, with 21 percent growth last year and 17 million new subscribers, reaching an overall total of 96 million in 2013, it said. The figures show that copper-based technologies continue to be dominant, although fiber-based technologies are taking a firmer grip, it said. China added more than 3 million subscribers in the fourth quarter of 2013, it said. After China, the U.S., Japan and Germany had the most subscribers by the end of Q4, the study said. The figures were “prepared by” Point Topic.
Six major movie studios are suing Megaupload and its operators for facilitating, encouraging and profiting from “massive copyright infringement of movies and television shows,” said an MPAA news release Monday (http://bit.ly/1mVIK9q). Megaupload’s main file-hosting site, Megaupload.com, was shut down in 2012, and its operators were indicted on federal criminal charges, MPAA said. But the new lawsuit -- filed in the U.S. District Court in Alexandria, Va. -- is a civil action “seeking damages and defendants’ profits for copyright infringement,” according to the suit (http://bit.ly/1hm6eoI). “Infringing content on Megaupload.com and its affiliates was available in at least 20 languages, targeting a broad global audience,” said MPAA Global General Counsel Steven Fabrizio. “According to the government’s indictment, the site reported more than $175 million in criminal proceeds and cost U.S. copyright owners more than half a billion dollars.” The suit pointed to Megaupload.com’s “Uploader Rewards” program as evidence the company “openly paid Megaupload users money to upload popular unauthorized and unlicensed content.” Megaupload could not be reached for comment.
"The continued success of the Internet as a platform for innovation, speech, and commerce should not be taken for granted,” the Internet Association said in comments to the FCC posted Friday (http://bit.ly/1si0Oyr). The Internet Association includes Amazon, AOL, Facebook, LinkedIn and other major edge providers. Broadband ISPs have a “gatekeeper” function and the ability to discriminate against certain types of Internet traffic, the association said: “The Commission should adopt enforceable rules to preserve the fundamental characteristics of an open Internet.” Section 706 of the Communications Act, along with Titles II, III and VI, give the FCC “the authority it needs” to protect the Internet, the association said. The group pushed transparency, no-blocking and nondiscrimination rules, and said they should apply to both the wired and wireless environments on a case-by-case basis. “Wireless broadband is no longer the fledgling platform” it was at the start of the original net neutrality proceeding, the association said. “New companies that are excluded from mobile broadband will not be able to compete fairly or effectively.” As for interconnection policies, the association said it believes the entire industry of ISPs, content delivery networks and application providers should “aspire” to settlement-free peering “because that outcome ultimately benefits all stakeholders in the Internet ecosystem.” An FCC spokesman confirmed the agency won’t consider regulating peering or interconnection as part of its new net neutrality rules, but will continue to monitor the situation in case regulation is needed in the future (CD April 2 p2).
A Russian social network’s music service is the target of legal action by the recording industry for “deliberately facilitating piracy on a large scale,” said an International Federation of the Phonographic Industry (IFPI) news release Thursday (http://bit.ly/1kuUDBq). Sony Music Russia, Universal Music Russia and Warner Music UK all filed separate cases against the social network, vKontakte (VK), in the Saint Petersburg & Leningradsky Region Arbitration Court, claiming VK “operates an unlicensed music service involving a huge library of copyright-infringing tracks that are stored on its website,” IFPI said. “The service provides unlimited access to this repertoire, enabling its tens of millions of users to search and stream music.” The companies are asking the court require VK to institute “effective industry-standard measures, such as audio fingerprinting” and for VK to pay over $1.4 million in compensation.
Pandora’s listener hours rose 14 percent to 1.71 billion in March, from March 2013, and its share of total U.S. radio listening reached 9.1 percent, up from 8 percent, the company said Thursday. Active listeners for March totaled 75.3 million, an 8 percent bump from last March, it said. Wedbush Securities maintained a “neutral” rating on Pandora, saying March listener hours exceeded expectations, but the number of active listeners was below its estimate of 78 million. Wedbush expects listener hours to rebound over the next few months as Pandora integration in vehicles expands. Wedbush also sees RPMs (revenue per thousand listener hours) trending up for Pandora as newly accepted measurement techniques improve its appeal to advertisers. On its last earnings call, Pandora said it will no longer disclose key audience metrics on a monthly basis after June because monthly metrics had been provided to help advertisers make informed buying decisions. But Pandora decided it was no longer necessary to continue monthly updates after the Media Rating Council granted accreditation to Triton Digital metrics allowing for accurate side-by-side comparisons of listening hours between Pandora and local radio competitors.
Google petitioned the Supreme Court in late March to rule on whether the U.S. District Court in San Francisco “erred in holding that ‘radio communications’ under the Wiretap Act are restricted to ‘predominantly auditory broadcasts’ and do not include Wi-Fi communications even though Wi-Fi communications are transmitted using radio waves (http://bit.ly/1gOObX4). The petition results from ongoing lawsuits against Google over the company gathering data from unencrypted Wi-Fi networks as part of its Street View program, known as the “Wi-Spy” case. Google paid $7 million in a March 2013 settlement with dozens of states over the issue (http://1.usa.gov/ZjOI7I), and in September the U.S. District Court in San Francisco ruled against Google in several merged class-action lawsuits, the petition said. But the Justice Department and FCC have cleared Google in the matter, said the petition. Google did not comment beyond the text of the petition.
House Communications Subcommittee ranking member Anna Eshoo, D-Calif., and three members of the House Armed Services Committee -- Reps. Bill Keating, D-Mass.; Joe Kennedy, D-Mass.; and Tom Marino, R-Pa. -- introduced a resolution Tuesday that urges Turkey’s government to restore its citizens’ access to Twitter and YouTube. The resolution is meant to show “we stand united against actions that restrict Internet freedom in Turkey and around the world,” Eshoo said in a news release. “Today the Internet connects people all around the world, and to maintain the vibrancy of the internet as we know it, it’s imperative that people from all nations have unfettered access,” Marino said in the news release (http://1.usa.gov/1gLQ9Yh).